An interview with Vincent Lomba, Chief Technical Security Officer, Alcatel-Lucent Enterprise
Government relies on data to make difficult decisions, and one data point is of significant concern to cybersecurity experts, said Vincent Lomba at Alcatel-Lucent Enterprise: Since the beginning of this year, the number of cyber vulnerabilities has doubled.
“The question is not will you be attacked, but what will be the consequence,” Lomba said.
He believes that staff should know and understand an agency’s cybersecurity strategy, with communications sent to them regularly. It also should be tested — in other words, an organization should conduct live simulations, perhaps without giving staff advanced knowledge of the exercise.
But there’s one big challenge: financing.
Funding a cybersecurity program is difficult because it does not have a simple return on investment, Lomba said. “It’s all about awareness at each and every level, especially at the executive level, to convince them that there is something to address [and] there is some money to invest,” he said. They need to balance cost and protection.
Agencies don’t have to guess about effective strategies for preventing cyber breaches. According to Lomba, cybersecurity insurers, which help organizations reduce their liability and financial exposure following a cyber breach, base their pricing and coverage decisions on probabilities and other statistics that agencies also can use.
Speaking in Plain Language
Cybersecurity jargon can be unintelligible to non-IT agency employees. That’s why using plain, simple language can make the difference between convincing leaders to fund cyber initiatives and allowing them to disregard cyber threats, Lomba explained.
When talking about security measures, he said to focus on the basics: Let officials know that the agency is at risk and what the consequences are, and avoid “very complex, IT- guy” words.
Following Best Practices
What guidance does Lomba offer for agencies contemplating cyber reforms? He encourages organizations to have dedicated, skilled people to manage their cybersecurity programs, and he urges agencies to ensure the cyber protection of the third parties with which they deal. In other words, make sure that everyone in the supply chain is protected, so their cyber vulnerabilities don’t affect you.
Lomba also believes that organizations should consider cybersecurity options early on when buying new technology. Weighing only price and potential features is shortsighted, he said.
Alcatel-Lucent provides agencies with customized networking, communications and cloud solutions that help organizations follow these best practices. The firm accompanies agencies in their cybersecurity journeys and offers consistent support throughout the product’s lifetime, Lomba said.
Sometimes the goal of cyber protection is to shield consumer data and prevent financial loss. But Lomba said sometimes the consequences of a data breach are more profound — for instance, when it would expose the names of personnel whose lives would be at risk. Agencies must consider several fundamental questions, he said: “What is the importance of cybersecurity for you, and why do you want to put that into action? Is it just to be compliant with law, or is it also for something much more important than that?”
This article appears in our guide “Bright Ideas for Making Cyber Stick.” To see more about how agencies are implementing cybersecurity, download the guide.